Cybercriminals are eyeing these 5 targets in 2014
Social networks, smart appliances in hackers' sights, security experts say
Next year, hackers and cybercriminals will increasingly attack via devices such as smart TVs and use data from social networks to craft and target their attacks, cybersecurity experts predict.
Internet security firms Fortiguard Labs, Websense Security Labs, Symantec, Trend Micro and Sophos have all issued their predictions about whom cybercriminals and hackers will be targeting in 2014, and many of them follow similar themes.
Here's a round-up of the top five predicted targets.
1. Smart appliances
Smart TVs, smart fridges and other internet-connected home appliances, ranging from medical equipment to security cameras, are widely expected to become a "magnet for hackers" says Kevin Haley, director of Symantec Security Response in a blog post.
"The companies building gadgets that connect to the internet don’t even realize they have an oncoming security problem," Haley wrote.
"These systems are not only vulnerable to an attack — they also lack notification methods for consumers and businesses when vulnerabilities are discovered. Even worse, they don’t have a friendly end-user method to patch these new vulnerabilities."
One of the concerns is that hackers logging into such appliances may be able to get information about who is home at a given time of day, noted Fortiguard, adding, "This is bound to give cybercriminals new and nefarious ideas around how and when to rob someone’s home."
Fortiguard predicts we'll see the first mass malware for home devices such as smart TVs and appliances later in 2014.
2. Social networks
Attacks by cybercriminals are becoming more targeted, and social networks are becoming a useful source of data for crafting these types of attacks.
Websense predicts that in 2014 hackers will increasingly make use of services such as LinkedIn to lure executives and other potentially lucrative targets.
"This highly targeted method will be used to gather intelligence and compromise networks."
Haley of Symantec adds that cybercriminals won't just be turning to big social networks.
"Scammers, data collectors and cybercriminals will not ignore any social network, no matter how “niche” or obscure," he wrote. "Users who feel it's just them and their friends on these new sites are in for a big (and unpleasant) surprise."
3. The cloud
Businesses are increasingly storing their data in the cloud and on servers outside their own network, and Websense predicts that criminals will increasingly turn their attention to that data this year.
"Hackers will find that penetrating the data-rich cloud can be easier and more profitable than getting through the 'castle walls' of an on-premise enterprise network," WebSense says.
Sophos predicts that cybercriminals will target mobile devices and the credentials of individual employees to gain access to the cloud, perhaps employing blackmail via "ransomware" that threatens to go public with confidential data if the criminals aren't given what they ask for.
According to Sophos, malware aimed at Google's Android grew exponentially in 2013, and is expected to keep growing in 2014 because of the operating system's dominant share of the smartphone market.
"While we expect that new security features in the Android platform will make a positive change in infection rates over time, their adoption will be slow, leaving most users exposed to simple social engineering attacks," the company wrote.
It added that the mobile devices that run Android are "an attractive launching pad for attacks aimed at social networks and cloud platforms."
Trend Micro predicts the number of malicious and high-risk Android apps will hit three million in the coming year.
Fortiguard expects Android malware to expand beyond mobile devices in 2014 to industrial control systems in devices such as smart home appliances.
Plug-ins that allow browsers to run apps in the Java programming language – already responsible for some high-profile cyberattacks – will continue to be exploited in 2014, security experts say.
According to Websense, older, insecure versions of Java are still rampant on the web.
"In 2014, cybercriminals will devote more time to finding new uses for tried-and-true attacks and crafting other aspects of advanced, multi-stage attacks," the company predicted.
Security patches for older versions of Java and Windows are no longer being issued, even when new exploits are found, despite the fact that there are many systems still using this software.
Trend Micro predicts that in the coming year, that "lack of support" will expose millions of PCs to attack.